A vulnerability has been reported in various F-Secure products, which can be exploited by malware to bypass the scanning functionality.

The vulnerability is caused due to an error in the handling of LHA and RAR files with malformed archive file headers. This can be exploited to bypass the anti-virus scanning functionality via a specially crafted LHA or RAR file.

The vulnerability is reported in the following products and versions:
F-Secure Anti-Virus for Workstations version 7.00 and earlier
F-Secure Anti-Virus for Windows Servers version 7.00 and earlier
F-Secure Anti-Virus for Citrix Servers version 5.52
F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
F-Secure Client Security version 7.00 and earlier
F-Secure Anti-Virus for MS Exchange version 7.00 and earlier
F-Secure Internet Gatekeeper version 6.61 and earlier
F-Secure Internet Security 2005, 2006 and 2007
F-Secure Anti-Virus 2005, 2006 and 2007
Solutions based on F-Secure Protection Service for Consumers version 7.00 and earlier
F-Secure Anti-Virus for Linux Servers version 4.65 and earlier
F-Secure Anti-Virus for Linux Gateways version 4.65 and earlier
F-Secure Linux Client Security 5.52 and earlier
F-Secure Linux Server Security 5.52 and earlier
F-Secure Internet Gatekeeper for Linux 2.16 and earlier

Solution
Fixed automatically in database updates.

Provided and/or discovered by
The vendor credits Thierry Zoller, n.runs AG.

Changelog
Further details available to Secunia VIM customers

Original Advisory
http://www.f-secure.com/security/fsc-2007-5.shtml

Deep Links
Links available to Secunia VIM customers